Analysis
- max time kernel: 2s
- max time network: 8s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 12-11-2020 14:39
Static task: static1

Behavioral task: behavioral1
- Sample: fadb4aa2c48a407c9e482cdad076173f54676a6ae20928ea5f36305c75971f0f.dll
- Resource: win7v20201028
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: fadb4aa2c48a407c9e482cdad076173f54676a6ae20928ea5f36305c75971f0f.dll
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: fadb4aa2c48a407c9e482cdad076173f54676a6ae20928ea5f36305c75971f0f.dll
- Size: 304KB
- MD5: fc257dc14f4be29ccd62db4e785e350d
- SHA1: fdbf4c032a9d95745de18f3b34c213f91a2db73c
- SHA256: fadb4aa2c48a407c9e482cdad076173f54676a6ae20928ea5f36305c75971f0f
- SHA512: 1f687eaf6f506f14cc67f7de8e7dd7513e958c63936ec643ca5a454faca6e9f4e25a5351f0c6591b51faf08712b2af1af2925299581247148b429aba7ed3d98e
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid  pid_target  process       target process
  844  1816        WerFault.exe  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  Processes: WerFault.exe
  pid  process
  844  WerFault.exe
  844  WerFault.exe
  844  WerFault.exe
  844  WerFault.exe
  844  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: WerFault.exe
  description              pid  process
  Token: SeDebugPrivilege  844  WerFault.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                      pid   process       target process
  PID 1816 wrote to memory of 844  1816  rundll32.exe  WerFault.exe
  PID 1816 wrote to memory of 844  1816  rundll32.exe  WerFault.exe
  PID 1816 wrote to memory of 844  1816  rundll32.exe  WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\fadb4aa2c48a407c9e482cdad076173f54676a6ae20928ea5f36305c75971f0f.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 1816 -s 56
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken